Macros in Splunk App for Fraud Analytics
Splunk App for Fraud Analytics includes the following preconfigured macros. Use these macros instead of editing data models, dashboards and searches.
Name | Description |
---|---|
Fraud_webindexes__fraud_web | Data sources for the fraud_web data model. |
datasources__fraud_account | Data sources for the fraud_account data model. |
AF__app | System name of the parent app (Splunk Enterprise Security). Used to generate the link within notable events to the investigation dashboard. |
AF__dash__customer_accounts | System name of the Customer Account Analysis dashboard. Used to generate the link within notable events to the investigation dashboard. |
AF__dash__risk_exposure | System name of the Risk Exposure dashboard. Used to generate the link within notable events to the investigation dashboard. |
AF__dash__web_traffic | System name of the Web Traffic Analysis dashboard. Used to generate the link within notable events to the investigation dashboard. |
high_value_accounts | List of VIP accounts. |
anon_get_numeric_id(2) | Generates an anonymized numeric ID. |
datasources__fraud_account | Lists index(es) for the new account fraud data model: fraud_account. |
high_value_accounts | Lists special high-value accounts that might require extra attention. |
indexes__fraud_web index IN ("firstfederal", "web_traffic") | Lists index(es) for the fraud data model: fraud_web. |
infields | Lists some internal Splunk fields. |
random_in_range(2) | Generates a random number within a specified range. |
This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3, 1.2.4